Malware

13 Dec

Researchers Release More Details about Azov as a Polymorphic Wiper

Attacks, Malware

Detection of a wiper such as this is made very difficult due to its polymorphic nature and its time-based logic trigger. It is critical for companies to maintain backups and frequently test recovery of those backups in order to help protect against the damage caused by a wiper like this. Further, companies should perform analysis on infected machines to attempt to identify when initial infection occurred to either restore to a non-infected backup or to…

Read More
13 Dec

Hackers Exploit Critical Citrix ADC and Gateway Zero-day

Attacks, Malware

Citrix has already released patches for all of the affected devices and warns that they should be updated immediately. Anyone running an older version than listed above should also update to the latest version, which will protect them from this vulnerability and potentially other vulnerabilities. According to the NSA, this vulnerability is under active exploitation by APT5, a Chinese threat actor that is known for utilizing zero-days int their attacks. Although this is the only…

Read More
13 Dec

CISA Updates Advisory on #StopRansomware: Cuba Ransomware

Attacks, Insights, Malware

Original release date: December 13, 2022 The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway

Attacks, Insights, Malware

Original release date: December 13, 2022 Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory…

Read More
13 Dec

Mozilla Releases Security Updates for Thunderbird and Firefox

Attacks, Insights, Malware

Original release date: December 13, 2022 Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108 for more information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

VMware Releases Security Updates for Multiple products

Attacks, Insights, Malware

Original release date: December 13, 2022 VVMware has released security updates to address multiple vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisories VMSA-2022-0031, VMSA-2022-0033, and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
13 Dec

PCI Secure Software Standard version 1.2 sets out new payment security requirements

Data Breaches, Malware, Social Engineering

The Payment Card Industry Security Standards Council (PCI SSC) has published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. One of two standards that make up the PCI Software Security Framework (SSF), the PCI Secure Software Standard sets out requirements to help ensure that payment software is designed, developed, and maintained in a manner that protects transactions and data, minimizes vulnerabilities, and defends against attacks. The latest version introduces minor…

Read More
13 Dec

New Python-Based Backdoor Targeting VMware ESXi Servers

Information, Malware, News

Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers. The targeted servers were impacted by known security defects (such as CVE-2019-5544 and CVE-2020-3992) that were likely used for initial compromise, but what caught the researchers’ attention was the simplicity, persistence, and capabilities of the deployed backdoor. As part of the attack, the threat actor modified a total of four files on the target, which the system…

Read More
13 Dec

Are robots too insecure for lethal use by law enforcement?

Data Breaches, Malware, Social Engineering

In late November, the San Francisco Board of Supervisors voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive charges “to contact, incapacitate, or disorient violent, armed, or dangerous suspects” only when lives are at stake. Missing from the…

Read More
12 Dec

Fortinet Releases Security Updates for FortiOS

Attacks, Insights, Malware

Original release date: December 12, 2022 Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.  CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-368, apply the necessary updates, and validate systems against the IOCs listed in the advisory.  This product is provided subject to this Notification…

Read More